Privacy Policy

The categories of information we collect depend on how you use the Service.

Waitlist information. If you join the waitlist, we collect the email address you submit and the timestamp of your submission. A founding-member number may be assigned to your entry.

Account information. If you create an account, we collect the email address you authenticate with through our authentication provider, the handle you choose (which does not require a legal name), the archetype assigned by the quiz, and any preferences you set.

Activity inside the Service. The Service collects the answers and selections you make in the quiz, the maps you build (such as the Body Map and Yes/No/Maybe Map), the prompts you answer in the Desire Architecture arc, your interactions with the community library (posts you author, reactions you give, items you save, follows or orbits), and your conversations with the AI Coach feature.

Optional content. The selfie-to-avatar feature processes any image you choose to upload. AI portrait generation processes the data needed to render an output image.

Transactional information. If you make a purchase, a payment processor collects the information necessary to complete the transaction. A limited record of the purchase (amount, product, date) is retained for accounting and customer support. Full card numbers are never stored on LAYR systems.

Technical information. When you use the Service, LAYR and its service providers automatically receive limited technical information such as IP address, browser type, device type, and the pages visited on the Service. This data is used for security, abuse prevention, error monitoring, and aggregate analytics.

The Service does not require or collect your real legal name, phone number, home address, geolocation, contacts, photo library outside of any image you intentionally upload, social media accounts, or browsing history outside the Service. We do not sell your personal information. We do not share your personal information with advertisers, data brokers, or for the purpose of cross-context behavioral advertising.

Information described above is used to operate, provide, maintain, secure, and improve the Service; to authenticate accounts; to enable features you choose to use; to respond to your requests; to detect, investigate, and prevent fraud, abuse, and security incidents; to comply with legal obligations; to communicate with you about the Service (including waitlist updates if you opted in); and to exercise or defend legal claims.

If you are in the European Economic Area, the United Kingdom, or another region with similar law, we rely on one or more of the following legal bases to process your personal data: (a) your consent (for example, joining the waitlist or using optional AI features), (b) our performance of a contract with you (operating the Service you signed up for), (c) our legitimate interests in operating, securing, and improving the Service (where those interests are not overridden by your rights), and (d) compliance with legal obligations. You may withdraw consent at any time where consent is the basis; withdrawal does not affect the lawfulness of processing before withdrawal.

Personal information is shared only with service providers that help operate the Service, with authorities when required by law, and with successor entities in connection with a business transfer.

Service providers currently in use include Supabase (database and authentication, hosted in the United States), Vercel (application hosting and edge delivery), Google (the Gemini API powers optional AI features such as portrait generation, selfie analysis, the Coach, and the Core Erotic Theme synthesis on day 30 of the arc), Resend (delivery of transactional and waitlist emails sent from the layr.you domain), Meta Platforms (anonymous analytics via the Meta Pixel, which measures page views, waitlist signups, and quiz completions to optimize advertising performance), and our domain registrar for email forwarding. Each provider receives only the data necessary to perform its function and is bound by contractual obligations to safeguard that data. Our AI provider processes your input to generate output and, under the applicable enterprise terms, does not use your data to train its general-purpose foundation models.

Information may be disclosed when we believe in good faith that disclosure is necessary to comply with a subpoena, court order, or other legal process; to enforce our Terms of Service; to protect the rights, property, or safety of LAYR, our users, or others; or to investigate suspected fraud or violations.

LAYR is operated from the United States. Our service providers process data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required by applicable law, we rely on appropriate safeguards such as Standard Contractual Clauses for international transfers.

Personal information is retained for as long as needed to provide the Service to you, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Specific retention practices:

• Waitlist email. Retained until you ask us to remove it or until 24 months after the public launch of the Service, whichever comes first.
• Account profile and on-app content. Retained for the life of your account and deleted within 30 days after account deletion, subject to limited retention in backups for an additional period not to exceed 90 days, and subject to any retention required by law.
• AI Coach conversation history. Retained for the life of your account and deleted along with the account on the same schedule above.
• Transactional records. Retained for the period required by applicable tax, accounting, and consumer-protection law, generally seven years in the United States.
• Server logs and security telemetry. Retained for up to 90 days, longer where retention is required to investigate abuse or comply with law.

Your data is encrypted in transit using TLS and at rest within our database provider. Database access is restricted by row-level security policies that limit each user’s reads and writes to their own data. Server-side endpoints authenticate every request and enforce additional checks before any sensitive operation. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security; reasonable administrative, technical, and physical safeguards are in place to protect your information.

In the event LAYR becomes aware of a security breach affecting your personal information, we will notify you and applicable regulators where and when required by law.

Your maps and answers are private to you by default. Features that compare maps with another LAYR user (such as pair-share compatibility) require both people to opt in by exchanging a code. The community library shows your handle but never your email or any real-name identifier. Other users do not see your transaction history or your AI Coach conversations.

LAYR uses third-party AI providers, including Google Gemini, for optional features. When you use one of these features, the relevant input is transmitted to the provider for processing and the output is returned to you and stored in your account. Under the applicable enterprise terms with our provider, your inputs and outputs are not used to train the provider’s general-purpose foundation models. AI output may be inaccurate; see our Terms of Service for the relevant disclaimers.

The Service uses a limited set of cookies and similar technologies that are necessary to operate the Service, such as keeping you signed in and remembering preferences. The Service does not use third-party advertising cookies and does not engage in cross-context behavioral advertising. Site analytics, where performed, rely on privacy-respecting aggregate measures. You can control or block cookies through your browser settings.

Depending on where you live, you may have the following rights with respect to your personal information.

Right to access. You can request a copy of the personal information we hold about you.

Right to correct. You can request that inaccurate or incomplete information be corrected.

Right to delete. You can request deletion of your personal information, subject to legal exceptions such as records we are required to keep for accounting or compliance purposes.

Right to portability. You can request a copy of your data in a portable, machine-readable format where applicable law requires it.

Right to object or restrict. You can object to certain processing or ask us to restrict it. You can also withdraw any consent you previously gave.

California residents (CCPA and CPRA). You have the right to know the categories of personal information we collect, the purposes for which it is used, and the categories of third parties with whom it is shared; the right to delete personal information; the right to correct inaccurate information; the right to opt out of any sale or sharing of personal information for cross-context behavioral advertising (we do not sell or share your personal information for advertising purposes); and the right not to be discriminated against for exercising your privacy rights. You may exercise these rights through the contact information below, and you may designate an authorized agent to act on your behalf.

EEA, UK, and Switzerland residents. In addition to the rights listed above, you have the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, contact us at the address in the Contact section below. We will respond within the time frame required by applicable law (generally within 30 to 45 days). Identity verification may be required before fulfilling certain requests.

You can delete your account from the Settings panel when signed in. Deletion permanently removes your profile, maps, library posts, AI Coach conversations, and transactional account records, subject to the retention schedule described above. Removing your waitlist email can be requested by emailing us at the contact below.

The Service is intended for adults aged 18 years or older. The Service is not directed to children, and we do not knowingly collect personal information from anyone under the age of 18. If we learn that information from a person under 18 has been collected, it will be deleted promptly. If you believe a minor has provided us with personal information, contact us at the address below.

The Service does not currently respond to Do Not Track signals. LAYR does not engage in the cross-context behavioral tracking that those signals are designed to address.

This Privacy Policy may be updated from time to time. Material changes will be announced through the Service or by email where available. The “Last updated” date at the top of this page reflects the latest revision. Continued use of the Service after a change becomes effective constitutes acceptance of the updated Policy.

For privacy questions, requests, or to exercise any of the rights described above, contact us at privacy@layr.you. General inquiries can be directed to hello@layr.you.

Mailing address for legal notices: Laurie Ivy, doing business as LAYR, State of Florida, United States. A specific mailing address will be provided on request.